#VU65007 Processor optimization removal or modification of security-critical code


Published: 2022-07-07

Vulnerability identifier: #VU65007

Vulnerability risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-23960

CWE-ID: CWE-1037

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Cortex-R7
Hardware solutions / Firmware
Cortex-R8
Hardware solutions / Firmware
Cortex-A57
Hardware solutions / Firmware
Cortex-A65
Hardware solutions / Firmware
Cortex-A65AE
Hardware solutions / Firmware
Cortex-A72
Hardware solutions / Firmware
Cortex-A73
Hardware solutions / Firmware
Cortex-A75
Hardware solutions / Firmware
Cortex-A76
Hardware solutions / Firmware
Cortex-A77
Hardware solutions / Firmware
Cortex-A78
Hardware solutions / Firmware
Cortex-A78AE
Hardware solutions / Firmware
Cortex-A710
Hardware solutions / Firmware
Neoverse-E1
Hardware solutions / Firmware
Neoverse-N1
Hardware solutions / Firmware
Neoverse-V1
Hardware solutions / Firmware
Neoverse-N2
Hardware solutions / Firmware
Cortex-X1
Hardware solutions / Firmware
Cortex-X2
Hardware solutions / Firmware

Vendor: ARM

Description

The vulnerability allows a local user to obtain potentially sensitive information.

The vulnerability exists due to improper restrictions of cache speculation. A local user can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches and gain access to sensitive information.

The vulnerability was dubbed Spectre-BHB.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Cortex-R7: All versions

Cortex-R8: All versions

Cortex-A57: All versions

Cortex-A65: All versions

Cortex-A65AE: All versions

Cortex-A72: All versions

Cortex-A73: All versions

Cortex-A75: All versions

Cortex-A76: All versions

Cortex-A77: All versions

Cortex-A78: All versions

Cortex-A78AE: All versions

Cortex-A710: All versions

Neoverse-E1: All versions

Neoverse-N1: All versions

Neoverse-V1: All versions

Neoverse-N2: All versions

Cortex-X1: All versions

Cortex-X2: All versions


CPE

External links
http://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability
http://developer.arm.com/support/arm-security-updates
http://www.openwall.com/lists/oss-security/2022/03/18/2


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?


Latest bulletins with this vulnerability